Add env var documentation in readme

Author: jdalton

README.md

@@ -3,7 +3,7 @@
 [![Socket Badge](https://socket.dev/api/badge/npm/package/socket)](https://socket.dev/npm/package/socket)
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 
-> CLI tool for [Socket.dev](https://socket.dev/)
+> CLI tool for [Socket.dev]
 
 ## Usage
 
@@ -15,11 +15,11 @@ socket --help
 ## Commands
 
 - `socket npm [args...]` and `socket npx [args...]` - Wraps `npm` and `npx` to
-  integrate Socket and preempt installation of alerted packages using the
+  integrate [Socket.dev] and preempt installation of alerted packages using the
   builtin resolution of `npm` to precisely determine package installations.
 
 - `socket optimize` - Optimize dependencies with
-  [`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides!
+  [`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides
   _(👀 [our blog post](https://socket.dev/blog/introducing-socket-optimize))_
 
   - `--pin` - Pin overrides to their latest version.
@@ -35,8 +35,7 @@ socket --help
 All aliases support the flags and arguments of the commands they alias.
 
 - `socket ci` - alias for `socket report create --view --strict` which creates a
-  report and quits with an exit code if the result is unhealthy. Use like eg.
-  `socket ci .` for a report for the current folder
+  report for the current directory and quits with an exit code if the result is unhealthy.
 
 ## Flags
 
@@ -48,10 +47,10 @@ All aliases support the flags and arguments of the commands they alias.
 
 ### Output flags
 
-- `--json` - outputs result as json which you can then pipe into
-  [`jq`](https://stedolan.github.io/jq/) and other tools
-- `--markdown` - outputs result as markdown which you can then copy into an
-  issue, PR or even chat
+- `--json` - Outputs result as JSON which you can then pipe into
+  [`jq`](https://stedolan.github.io/jq/) and other tools.
+- `--markdown` - Outputs result as Markdown which you can then copy into an
+  issue, PR, or chat.
 
 ## Strictness flags
 
@@ -82,7 +81,22 @@ use of the `projectIgnorePaths` to excludes files when creating a report.
 
 ## Environment variables
 
-- `SOCKET_CLI_API_TOKEN` - if set, this will be used as the API-key
+- `SOCKET_CLI_ACCEPT_RISKS` - Accept risks of a safe-npm and safe-npx run.
+- `SOCKET_CLI_API_TOKEN` - Set the Socket API token.
+  Aliases: `SOCKET_CLI_API_KEY`, `SOCKET_SECURITY_API_TOKEN`, and `SOCKET_SECURITY_API_KEY`
+- `SOCKET_CLI_CONFIG` - A JSON stringified Socket configuration object.
+- `SOCKET_CLI_GIT_USER_EMAIL` - The git config user.email used by Socket CLI.
+  Defaults to `'github-actions[bot]@users.noreply.github.com'`
+- `SOCKET_CLI_GIT_USER_NAME` - The git config user.name used by Socket CLI.
+  Defaults to `'github-actions[bot]`.
+  Aliases: `SOCKET_CLI_GIT_USERNAME`
+- `SOCKET_CLI_GITHUB_TOKEN` - A classic [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) with the "repo" scope or a fine-grained access token with at least read/write permissions set for "Contents" and "Pull Request".
+  Aliases: `SOCKET_SECURITY_GITHUB_PAT` and `GITHUB_TOKEN`
+- `SOCKET_CLI_NO_API_TOKEN` - Make the default API token `undefined`.
+- `SOCKET_CLI_NPM_PATH` - The absolute location of the npm directory.
+- `SOCKET_CLI_ORG_SLUG` - Specify the Socket organization slug.
+  Aliases: `SOCKET_ORG_SLUG`
+- `SOCKET_CLI_VIEW_ALL_RISKS` - View all risks of a safe-npm and safe-npx run.
 
 ## Contributing
 
@@ -101,21 +115,24 @@ That should invoke it from local sources. If you make changes you run
 
 ### Environment variables for development
 
-- `SOCKET_CLI_API_BASE_URL` - if set, this will be the base for all
-  API-calls. Defaults to `https://api.socket.dev/v0/`
-- `SOCKET_CLI_API_PROXY` - if set to something like
-  [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries),
-  then all request will be proxied through that proxy
+- `DEBUG` - Enable debug logging based on the [`debug`](https://socket.dev/npm/package/debug) package.
+- `SOCKET_CLI_API_BASE_URL` - Change the base URL for all API-calls.
+  Defaults to the "apiBaseUrl" value of socket/settings local app data if present, else `https://api.socket.dev/v0/`.
+  Aliases: `SOCKET_SECURITY_API_BASE_URL`
+- `SOCKET_CLI_API_PROXY` - Set the proxy that all requests are routed through.
+  For example, if set to [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries), then all request are proxied through that proxy.
+  Aliases: `HTTPS_PROXY`, `https_proxy`, `HTTP_PROXY`, and `http_proxy`
+- `SOCKET_CLI_DEBUG` - Enable debug logging in Socket CLI.
+  Not needed if `DEBUG` is specified.
 
 ## Similar projects
 
-- [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK
-  used in this CLI
+- [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - The SDK used by Socket CLI
 
 ## See also
 
 - [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
-- [Socket API Reference](https://docs.socket.dev/reference) - the API used in
-  this CLI
-- [Socket GitHub App](https://github.com/apps/socket-security) - the
-  plug-and-play GitHub App
+- [Socket API Reference](https://docs.socket.dev/reference) - The API used by Socket CLI
+- [Socket GitHub App](https://github.com/apps/socket-security) - The plug-and-play GitHub App
+
+[Socket.dev]: https://socket.dev/

src/constants.mts

@@ -340,7 +340,7 @@ const LAZY_ENV = () => {
     // programs are located. When a command is run, the system searches these
     // directories to find the executable.
     PATH: envAsString(env['PATH']),
-    // Accept risks of safe-npm and safe-npx run.
+    // Accept risks of a safe-npm and safe-npx run.
     SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),
     // Change the base URL for all API-calls.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development
@@ -349,7 +349,7 @@ const LAZY_ENV = () => {
       envAsString(env['SOCKET_SECURITY_API_BASE_URL']) ||
       getConfigValueOrUndef('apiBaseUrl') ||
       'https://api.socket.dev/v0/',
-    // Set the proxy all requests are routed through.
+    // Set the proxy that all requests are routed through.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development
     SOCKET_CLI_API_PROXY:
       envAsString(env['SOCKET_CLI_API_PROXY']) ||
@@ -388,14 +388,14 @@ const LAZY_ENV = () => {
       GITHUB_TOKEN,
     // Make the default API token `undefined`.
     SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),
-    // The absolute location of the npm bin file.
+    // The absolute location of the npm directory.
     SOCKET_CLI_NPM_PATH: envAsString(env['SOCKET_CLI_NPM_PATH']),
     // Specify the Socket organization slug.
     SOCKET_CLI_ORG_SLUG:
       envAsString(env['SOCKET_CLI_ORG_SLUG']) ||
       // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.
       envAsString(env['SOCKET_ORG_SLUG']),
-    // View all risks of safe-npm and safe-npx run.
+    // View all risks of a safe-npm and safe-npx run.
     SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),
     // Specifies the type of terminal or terminal emulator being used by the process.
     TERM: envAsString(env['TERM']),